Re: Help needed for Openldap > Active directory slave/proxy setup.
On 12/14/12 15:33 +0100, Marco van Putten wrote:
> Hi all,
> We want to set up an Openldap server which is a slave to our Active
> directory. The ldap server only has to do replication of the
> necessary records to act as an address book for non Exchange users.
> Furthermore, the authentication has to be done against the users in
> the Active directory.

You can use slapo-pbind or slapd-ldap to forward simple binds to active
directory. If you're performing sasl binds, you could configure slapd to
use saslauthd to authenticate PLAIN sasl binds against active directory:
~$ cat /etc/saslauthd.conf
ldap_servers: ldap://192.0.2.5
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
or you could configure saslauthd to use its kerberos5 backend.

> I found some guides/examples to set up the authentication part. But
> none of them seems to do what we want because it requires to have the
> user in your Openldap server with a special "userPassword
> {SASL}user@domain.com" entry. But we want the openldap database to
> only contain contact information and not username/password
> information.
> Does anybody know how to set up such a thing and can give me some
> hints/guides/recipes on how to do this?

--
Dan White
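
An added example, not part of the message above and not code from Cyrus SASL or OpenLDAP: a small Python check over the saslauthd.conf settings quoted in the reply, reporting how the password that saslauthd relays is protected on its way to the directory server. ldap_start_tls is a saslauthd LDAP option that the message does not show; the function names and the simplified set of accepted "true" spellings are assumptions.

```python
# Added example: lint saslauthd.conf for how the relayed password reaches the directory.
# Constructed sample: the three settings quoted in the message above.
PAGE_CONF = """\
ldap_servers: ldap://192.0.2.5
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
"""

# Assumption: the spellings accepted as "true" are simplified to this set.
TRUE_VALUES = {"yes", "on", "true", "1"}


def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts


def audit(text):
    """Return (level, message) findings about the saslauthd -> LDAP hop."""
    opts = parse_conf(text)
    servers = opts.get("ldap_servers", "").split()
    start_tls = opts.get("ldap_start_tls", "no").lower() in TRUE_VALUES
    use_sasl = opts.get("ldap_use_sasl", "no").lower() in TRUE_VALUES
    mech = opts.get("ldap_mech", "").upper()
    findings = []
    if not servers:
        findings.append(("error", "ldap_servers is not set"))
    for uri in servers:
        if uri.lower().startswith("ldaps://") or start_tls:
            continue  # the bind is carried inside TLS
        if use_sasl and mech != "PLAIN":
            how = mech or "the negotiated mechanism"
            findings.append(("warn", f"{uri}: no TLS, only {how} protects the bind"))
        else:
            findings.append(("error", f"{uri}: password crosses the network in clear"))
    if use_sasl and mech == "DIGEST-MD5":
        findings.append(("info", "DIGEST-MD5 is Historic per RFC 6331"))
    return findings


if __name__ == "__main__":
    for level, message in audit(PAGE_CONF):
        print(f"{level}: {message}")
```

The check covers only the hop from saslauthd to the directory; a PLAIN bind from the client to slapd needs its own transport protection.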